Home > Backend Development > PHP Problem > How to disable eval in php

How to disable eval in php

藏色散人
Release: 2023-03-04 09:04:02
Original
3352 people have browsed it

How to disable eval in php: first install the php extension "Suhosin"; then load "Suhosin.so" in "php.ini"; finally add the content "suhosin.executor.disable_eval = on" That’s it.

How to disable eval in php

Recommended: "PHP Video Tutorial"

php eval() function operates on arrays:

<?php
$data = "array(&#39;key1&#39;=>&#39;value1&#39;,&#39;key2&#39;=>&#39;value2&#39;,&#39;key3&#39;=>&#39;value3&#39;,&#39;key4&#39;=>&#39;value4&#39;)";
$arr = eval("return $data;");
var_dump($arr); //array
?>
Copy after login

Run results:

array(4) { ["key1"]=> string(6) "value1" ["key2"]=> string(6) "value2" ["key3"]=> string(6) "value3" ["key4"]=> string(6) "value4" }
Copy after login

Many methods on the Internet that use disable_functions to disable eval are wrong!

In fact, eval() cannot be disabled using disable_functions in php.ini:

because eval() is a language construct and not a function
Copy after login

eval is zend, so it is not a PHP_FUNCTION function;

Then How to disable eval in php?

If you want to disable eval, you can use the php extension Suhosin:

After installing Suhosin, load Suhosin.so in php.ini, plus suhosin.executor.disable_eval = Just turn it on.

The above is the detailed content of How to disable eval in php. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template